I have a similar requirement. Most operations are locked down to root, so I can SSH to a host as myself and then "sudo sudosh" to become root and do what I need. Is it possible to do this with Ansible?
For example, as myself I can't check the status of docker (running "service docker status" returns "docker status unknown due to insufficient privileges"). I've tried using combinations of "remote_user", "sudo" and "sudo_user" without luck; ansible hangs b/c it's trying to do "sudo ..." which I can't do (I have to "sudo sudosh", then I can run things). I could possibly have changes made to /etc/sudoers to allow my user to be able to "sudo" certain commands, but I'm not sure which commands I'd need to enable.

Thanks in advance for any help.

On Tuesday, September 9, 2014 5:39:04 PM UTC-4, Darren Johnson wrote:
>
> So I separated out the sudosh from the sudo. Having sudosh as a login shell works and records like it should, so I don't think you need to have another setting.
>
> This works:
> ansible myserver -a "ls /tmp" and so does this: ansible myserver -a "sudo ls /tmp"
>
> This doesn't:
> ansible myserver -a "ls /tmp" --sudo
>
> That is where I get the redirection error.
>
> Darren
>
>
> On Wednesday, September 3, 2014 2:15:06 PM UTC-5, Michael DeHaan wrote:
>>
>> Hi Darren,
>>
>> Hmm.... so yeah if http://docs.ansible.com/intro_configuration.html#sudo-exe does not help, it seems we need to have another setting that if set adds the "-c", so it can be removed.
>>
>> Maybe this would work if it were tunable?
>>
>> I believe this would be easy to implement.
>>
>> Something like "base_sudo_flags=-c" # etc
>>
>> and you could remove it...
>>
>> --Michael
>>
>>
>> On Wed, Sep 3, 2014 at 12:32 PM, Darren Johnson <[email protected]> wrote:
>>
>>> I am trying to meet a corporate requirement wherein ansible's actions are recorded by sudosh on each server it touches. I tried changing "executable" from /bin/sh to /usr/bin/sudosh, but sudosh doesn't have the corresponding -c parameter (it has one, but with different meaning). I tried making ansible's login shell be /usr/bin/sudosh. That works for non-sudo operations--I can *ls /tmp* and that works. However, if I try to sudo from the sudosh shell, I get the following error:
>>>
>>> ...isn't allowed to be executed with process or redirect controls.
>>>
>>> I don't see a lot of information on this particular error in the context of sudo/sh.
>>>
>>> Is it even feasible/possible to do what I'm trying to do?
>>>
>>> Thanks...
>>>
>>> Darren
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>> To post to this group, send email to [email protected].
>>> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8c7ebddc-c541-4718-ab7b-36fd9c0ec2b5%40googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
